apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: default-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: default
    namespace: openpitrix-system
---
apiVersion: batch/v1
kind: Job
metadata:
  name: hyperpitrix-generate-kubeconfig
  namespace: openpitrix-system
  labels:
    app: hyperpitrix
    job: hyperpitrix-generate-kubeconfig
    version: {{ op_version }}
spec:
  backoffLimit: 100
  completions: 1
  parallelism: 1
  template:
    metadata:
      labels:
        app: hyperpitrix
        job: hyperpitrix-generate-kubeconfig
        version: {{ op_version }}
      name: hyperpitrix-generate-kubeconfig-job
    spec:
      initContainers:
        - name: wait-runtime-manager
          image: {{ busybox_repo }}:{{ busybox_tag }}
          imagePullPolicy: IfNotPresent
          command: ['sh', '-c', 'until nc -z hyperpitrix.openpitrix-system.svc 9103; do echo "waiting for runtime-manager"; sleep 2; done;']
      containers:
        - command: ["generate-kubeconfig","-srv","https://kubernetes.default"]
          name: hyperpitrix-generate-kubeconfig
          imagePullPolicy: IfNotPresent
          image: {{ generate_kubeconfig_repo }}:{{ generate_kubeconfig_tag }}
        - command: ["migrate-runtime"]
          name: hyperpitrix-migrate-runtime
          imagePullPolicy: IfNotPresent
          image: {{ generate_kubeconfig_repo }}:{{ generate_kubeconfig_tag }}
      restartPolicy: OnFailure
      dnsPolicy: ClusterFirst
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30